WASHINGTON -- Former CIA Director George Tenet
called Wednesday for tough new security measures to guard against attacks
on the United States using the Internet, which he called "a potential
Achilles heel for our financial stability and physical security."

"I know that these actions will be controversial in this age when we
still think the Internet is a free and open society with no control or accountability,"
Tenet told an IT security conference in Washington, "but ultimately the
Wild West must give way to governance and control."

The national media, including United Press International, were excluded from
the event at Tenet's request, organizers said, but UPI was given an account
of the speech by a member of the audience. The quotes were verified by a source
close to the former director.

Tenet's speech articulated widely shared concerns among U.S. intelligence
and homeland security officials that telecommunications -- and specifically
the Internet -- represent a backdoor through which terrorists and other enemies
of the United States can attack the country, even though some progress has
been made in securing the physical infrastructure.

The Internet, Tenet said, "represents a potential Achilles heel for our
financial stability and physical security if the networks we are creating
are not protected."

"Efforts at physical security will not be enough," he argued, "because
the thinking enemy that we confront is going to school on our network vulnerabilities,"
leveraging the possibility that the Internet gave them to "work anonymously
and remotely" with little risk of apprehension.

He said that there were "known adversaries conducting research on information
attacks," including "intelligence services, military organizations
and non-state actors."

Robert Bagnall, a former military intelligence officer who specializes in
computer security for small and medium-sized companies, said that Islamic
terror groups like al-Qaida currently appeared to lack the expertise to stage
successful cyber attacks on their own.

But he added that their capacities were growing every day and that there was
also a blossoming market in "hacking for hire," which posed a very
real threat.

"These guys are very good," he said of the professionals. "It's
how they make they make their living. You aren't talking about kids in a basement
any more."

Bagnall said that organized crime could provide the nexus between professional
hackers and terror groups. "The guys who are going to bring that expertise
to them are the Russian mob," he told UPI.

Many worry that the United States' capacity to secure its networks and respond
to attacks is growing much more slowly than the capacity of its enemies to
mount those attacks.

Within the federal government, the Department of Homeland Security has the
lead role in protecting the United States from Internet terrorism. But the
department's head of cyber security recently quit suddenly, amid reports that
he had clashed with his superiors.

"The department's cyber security program is not where it needs to be,"
John Gannon, staff director of the House Select Committee on Homeland Security,
told UPI last month.

The committee recently produced legislation that would raise the rank of the
post Amit Yoran held to the assistant secretary level.

"Elevating the post (of cyber-security chief) to assistant secretary
level (in the legislation) was a sign of our concern about the progress they
were making," Gannon said.

Not all experts share Tenet's concerns. Former senior federal cyber security
official F. Lynn McNulty told UPI it was important to keep the problem in
perspective.

"In terms of potential damage, losses and other consequences, the old-school
threats remain the most serious," he said, referring to truck bombs,
suicide hijackings and other conventional terrorist techniques.

"We may overestimate the capabilities of the attacker, especially to
launch a major frontal assault," he cautioned.

But Tenet, who left the CIA in July after serving as director for seven years,
warned that al-Qaida, though its first-tier leadership had been largely destroyed,
remained "a sophisticated, intelligent organization with enormous capability."

The second-tier leadership that was emerging, he added, oversaw "a global,
decentralized movement" whose "ability to thrive" depended
crucially on the Internet, which enabled them to share information from explosives
recipes to the best ways to get into Iraq undetected.

The group, he said, was "undoubtedly mapping vulnerabilities and weaknesses
in our telecommunications networks."

However, McNulty, while acknowledging the cyber terror threat is real, stressed
it was important not to overstate the nation's vulnerabilities. "In many
cases, our networks and our critical infrastructure are much more robust than
they get credit for," he told UPI recently.

McNulty said the key U.S. vulnerability was to "low-level attacks ...
not a single catastrophic attack that ripples out across the country."

On this, Tenet was in agreement. "I am not worried about a Pearl Harbor,"
he said. "I'm worried about how they could use an isolated attack to
play off what they do physically."

Others, like science fiction writer Bruce Sterling, have framed the danger
as "not so much a digital Sept. 11, but rather a digital Mogadishu,"
a reference to the lawless and warlord-dominated capital of Somalia.

Under this conception, the key vulnerability is represented by the fact that
a network is only as secure as its weakest link.

The United States was "at a crossroads," Tenet said, pointing out
that the technological transformation of key industries was making them more
vulnerable. "More critical industries previously isolated from Internet-security
problems are reaching the point where the legacy infrastructure will have
to be retired."

The danger was that more modern systems were based on "a fragile infrastructure"
-- networks where weak security was endemic, because they were "only
as secure as the weakest link in the customer chain."

Howard Schmitt, former head of security for the Internet auction house eBay
and now a government cyber security consultant, pointed out in a recent speech
that "the attack vector has changed" for Internet attacks.

No longer were networks being attacked at the center, he said, but rather
through customer or other "downstream" accounts, thousands of which
were compromised every day by hackers and other criminals.

He said that only 16 percent of Internet users changed their passwords more
than once a year and that nearly two-thirds used the same one or two passwords
for all their online accounts.

"If the end user, who is now part of the network, is not secure,"
Schmitt said, "we're not secure."

Tenet said that, for just this reason, access to some networks might need
to be limited to those who could prove they took security seriously.

McNulty agreed that there would have to be "some retreat from the Wild
West" concept of the Internet as an ungoverned space.

"It has become such an integral part of people's lives," he argued,
"that they will demand from policymakers and legislators the laws and
regulations needed to protect it."

Tenet suggested that this might not be enough, arguing that the very technology
underlying the Internet was vulnerable because of its open structure. "New
attacks have raised questions about the trustworthiness of the Internet and
Internet protocol technologies," he said.

He called for industry to lead the way by "establishing and enforcing"
security standards. Products needed to be delivered to government and private-sector
customers "with a new level of security and risk management already built
in."